I'm working in an Angular6 app with angularfire2. I'm setting the roles as custom claims in user creation, but it doesn't seem to propagate.

When I'm creating the user I send the userid, businessid and role to a cloud function:

bid > businessid

urole > role

req.body.uid > userid

  const customClaims = {
    roles: { [bid]: urole }
  }
  admin.auth().setCustomUserClaims(req.body.uid, customClaims)
    .then(result => {
      res
        .status(200)
        .send()
    })

The problem is when the call to cloud function finishes and I want to redirect the user to a route which requires the user to have the custom claim set, but it fails. After some debugging, I've found out that if I run:

  this.angularFireAuth.auth.currentUser.getIdTokenResult(true).then(result => {
    return result.claims.roles
  })

immediately after the call to the cloud function, "result.claims.roles" is undefined, but if I refresh the page, "result.claims.roles" has the data I set before.

I've already tried the reload method, and getIdToken(true) but I'm getting the same problem.

Is there a way to avoid refreshing the page and get the custom claims?

Thank you!

asked Oct 9, 2018 at 20:51 by EzeTeja; edited Oct 10, 2018 at 3:33 by Frank van Puffelen
  • Can you add the code where you make the call to HTTP trigger endpoint and then get the result? I just want to verify that the code waits for the result before calling getIDTokenResult(true). Also be sure to update your SDKs to the latest version, as rules for Cloud Firestore, Cloud Storage, and RTDB used to only update when the uid changed, not when the token changed. – Jen Person Commented Oct 9, 2018 at 21:03
  • Jen, this is the call I've made setting up the role: return this.http.post(`${this.environment.backendHostUrl}/api/user/role`, { uid: userId, role: role, business: business }).pipe( catchError(error => of(console.log(error))) ).subscribe(response => { debugger <--- I get: response = "null" }) – EzeTeja Commented Oct 10, 2018 at 22:14
2 Answers

When the user is signed in, they get an ID token that is valid for about an hour. If you set a custom claim, their (server-side) profile is updated immediately, but their ID token is not auto-updated. So you'll need to refresh their ID token to get the new custom claims.

As far as I know this ID token is only refreshed by calling getIdTokenResult if it has expired. If that's the cause, calling user.reload() and then getting the ID token should give you the updated claims.

For me it simply worked taking the advice from one of the comments:

// --------
// Frontend
// --------

// Triggering the cloud function
const url: string = 'url-to-your-cloud-function'
await this.http.post<unknown>(url, {}).toPromise();


// After cloud function was run and custom claim was set -> refresh the id token
// The 'currentUser' is a reference to the firebase user
await this.authService.currentUser.getIdToken(true);

// --------
// Cloud Function - createSubscription
// --------

// userId is the uid of the user whose claim is being set
const createSubscription = async (userId) => {
  await admin.auth().setCustomUserClaims(userId, {
    subscriber: true
  })
}
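Added example, not part of either answer and not Firebase code: a small offline model of why the ordering in the answers matters. `FakeAuthServer`, `FakeClientUser`, `hasRole` and all sample values are constructed for illustration; the token is unsigned and the clock is passed in by hand.

```javascript
// Constructed model of an auth backend and a client SDK token cache (hypothetical names).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const decodePayload = (token) =>
  JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString('utf8'));

class FakeAuthServer {
  constructor() { this.profiles = new Map(); }
  // Models the effect of setting custom claims: only the server-side profile changes.
  setCustomUserClaims(uid, claims) { this.profiles.set(uid, claims); }
  // Claims are copied into the token when it is minted; issued tokens never change.
  mintIdToken(uid, now) {
    const claims = this.profiles.get(uid) || {};
    const payload = { sub: uid, iat: now, exp: now + 3600, ...claims };
    return `${b64url({ alg: 'none' })}.${b64url(payload)}.unsigned-sample`;
  }
}

class FakeClientUser {
  constructor(server, uid) { this.server = server; this.uid = uid; this.cached = null; }
  // Reuses the cached token unless it has expired or forceRefresh is true.
  getIdToken(forceRefresh, now) {
    const expired = !this.cached || decodePayload(this.cached).exp <= now;
    if (forceRefresh || expired) this.cached = this.server.mintIdToken(this.uid, now);
    return this.cached;
  }
}

// Route-guard style check on the decoded payload; no signature is verified here,
// so this is only suitable for UI routing, not for enforcing access.
const hasRole = (token, bid, role) => (decodePayload(token).roles || {})[bid] === role;

function runDemo() {
  const server = new FakeAuthServer();
  const user = new FakeClientUser(server, 'uid-123'); // constructed uid
  const t0 = 1000;
  // 1. Forced refresh before the claim-setting call has completed: still no role.
  const refreshedTooEarly = hasRole(user.getIdToken(true, t0), 'biz-1', 'admin');
  server.setCustomUserClaims('uid-123', { roles: { 'biz-1': 'admin' } });
  // 2. Claim is set server-side, but the client still holds the old cached token.
  const cachedAfterSet = hasRole(user.getIdToken(false, t0 + 5), 'biz-1', 'admin');
  // 3. Forced refresh after the server call finished: the new token carries the role.
  const afterForcedRefresh = hasRole(user.getIdToken(true, t0 + 10), 'biz-1', 'admin');
  return { refreshedTooEarly, cachedAfterSet, afterForcedRefresh };
}

console.log(runDemo());
```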
